CVE-2024-22024 is an XML Exterior Entity (XXE) vulnerability that enables a distant attacker to entry inside recordsdata
CVE-2024-22024, a brand new excessive rated vulnerability affecting Ivanti Join Safe and Ivanti Coverage Safe software program has been disclosed. This software program is used to attach units to digital personal networks (VPNs). The vulnerability would enable a distant attacker to entry inside recordsdata by sending maliciously crafted XML recordsdata. The state of affairs is extra severe by the very fact that there's a identified, publicly accessible exploit.
The vulnerability CVE-2024-22024 is the newest in a sequence of excessive and important vulnerabilities found in a single month (CVE-2024-21893, CVE-2024-21887, CVE-2024-21888). It's value mentioning that the exploitation of those earlier vulnerabilities has been detected in the wild, so it isn't discarded that this final vulnerability can be exploited in the identical approach.
Ivanti Join Safe and Ivanti Coverage Safe are Ivanti’s software program options oriented to the administration and communications via digital personal networks (VPN), used to attach units to networks in a safe approach. These options have been beforehand developed by Pulse Safe, an organization that was acquired by Ivanti in 2020.
Key options
- CVE identifier: CVE-2024-22024
- Launch date: February 08, 2024
- Affected software program: Ivanti Join Safe / Ivanti Coverage Safe
- CVSS rating: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L (8.3 Excessive)
- Affected variations:
- Ivanti Join Safe: 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, 22.5R1.1, y 22.5R2.2
- Ivanti Coverage Safe: 22.5R1.1 y ZTA 22.6R1.3.
- Exploitation necessities:
- The online service have to be out there for the attacker.
The susceptible useful resource is /dana-na/auth/saml-sso.cgi and it could be sufficient for its exploitation to make a POST request that included a parameter known as SAMLRequest, and whose worth was a malicious XML that had some form of entity that referred to each inside sources of the server or exterior addresses.
Mitigation
The principle resolution is to urgently replace the Ivanti software program to one of many new patched variations that repair this vulnerability:
- Ivanti Join Safe: 9.1R14.5, 9.1R17.3, 9.1R18.4, 22.4R2.3, 22.5R1.2, 22.5R2.3,22.6R2.2
- Ivanti Coverage Safe: 9.1R17.3, 9.1R18.4 and 22.5R1.2
- ZTA gateways: 22.5R1.6, 22.6R1.5 and 22.6R1.7.
Ivanti has published a post with the official info and associated updates of this vulnerability.
Detection of the vulnerability CVE-2024-22024
The presence of the vulnerability might be recognized by the model quantity.
As a part of its rising vulnerabilities service, Tarlogic proactively screens the perimeter of its shoppers to report, detect, and urgently notify of the presence of this vulnerability, in addition to different essential threats that might have a severe affect on the safety of their property.